Bugtraq mailing list archives
Re: Non-PK encryption not vulnerable via low key length?!
From: softtest () wu1 wl aecl ca (Software Test Account)
Date: Thu, 16 Mar 1995 22:36:41 -0600 (CST)
On Thu, 16 Mar 1995, That Whispering Wolf... wrote:
Correct me if I am wrong - RC2 and RC4 are not public key cyrptosystems, and hence are not "prone" to the problems with low moduli.You are wrong. If the key is only 128-bit, that's a much smaller keyspace to brute-force attack than a 1024-bit key. (do the math)You add a qualifier here -- "brute force attack" -- that makes your statement technichally correct, but misleading. You generally see keyspaces of 1024 bits (etc) in public key cryptosystems (RSA/PGP). You see 128-bit keysizes on traditional cryptosystems, like RC2, RC4, IDEA (the -real- encryption in PGP), etc. The problem here is that the best way to break a public-key cryptosystem is _not_ by brute force. RSA gets it's strength from the fact that it's very hard to factor a large number (1024 bits, for example) made up of two multiplied large primes, into it's individual primes. To break RSA, you 'simply' have to factor the key, which is orders of magnitude faster than a brute force attack on the system. Large key sizes are required for public-key cryptosystems, because HUGE advances are being made in number factoring. 1024-bit keys are still out of reach, but for how long? In the case of RC2 and RC4, the best (known -- Important word here) attack is a brute force attack on the key -- something that is, for the moment, prohibative. Giveen huge advances in current technology, it'd still take YEARS to crack -one- key.
RC2 and RC4 are both public key systems -- then why wouldn't factoring the key prove equally as (greatly more) effective as with attacks on RSA/PGP. __pardon_my_misunderstanding__but__?
Anyhow, bottom line is that saying "RSA with a 1024 bit key is more secure than RC4 with a 128 bit key" is a bit silly -- You're comparing apples to oranges. Nobody's going to brute-force attack RSA, since there are much better ways to crack the system. -WW
Erik ____ _____ _______ __ Erik Lindquist / _ | / ___/ / _____/ / / Systems Administrator / /_| | / /__ / / / / AECL Whiteshell Laboratories / __ | / ___/ / / / / VOICE: (204) 753-2311x3145 / / | | / /____ / /_____ / /_____ FAX: (204) 753-2455 /_/ |_| /______/ /_______/ /________/ E-mail: lindquie () wu1 wl aecl ca
Current thread:
- Re: Lotus Notes Encryption Methods Dr. Frederick B. Cohen (Mar 14)
- Re: Lotus Notes Encryption Methods Perry E. Metzger (Mar 14)
- Re: Lotus Notes Encryption Methods Vishy Gopalakrishnan (Mar 14)
- Non-PK encryption not vulnerable via low key length?! Jonathan Cooper (Mar 15)
- Re: Non-PK encryption not vulnerable via low key length?! Mark G. Scheuern (Mar 15)
- Re: Non-PK encryption not vulnerable via low key length?! That Whispering Wolf... (Mar 16)
- Re: Non-PK encryption not vulnerable via low key length?! Software Test Account (Mar 16)
- Re: Non-PK encryption not vulnerable via low key length?! Adam Shostack (Mar 17)
- Re: Non-PK encryption not vulnerable via low key length?! Allan Sutton (Mar 17)
- Non-PK encryption not vulnerable via low key length?! Jonathan Cooper (Mar 15)
- Problems with wuftpd - password logging(?) DaVe McComb (Mar 16)
- Re: Lotus Notes Encryption Methods David Miller (Mar 17)
- <Possible follow-ups>
- Re: Lotus Notes Encryption Methods Paul C Leyland (Mar 17)
- Re: Lotus Notes Encryption Methods William McVey (Mar 17)